{"cve_id":"CVE-2018-7600","summary":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.94489,"ranking_epss":1.0,"kev":true,"propose_action":"Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.","ransomware_campaign":"Known","references":["http://www.securityfocus.com/bid/103534","http://www.securitytracker.com/id/1040598","https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/","https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","https://github.com/a2u/CVE-2018-7600","https://github.com/g0rx/CVE-2018-7600-Drupal-RCE","https://greysec.net/showthread.php?tid=2912&pid=10561","https://groups.drupal.org/security/faq-2018-002","https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","https://research.checkpoint.com/uncovering-drupalgeddon-2/","https://twitter.com/RicterZ/status/979567469726613504","https://twitter.com/RicterZ/status/984495201354854401","https://twitter.com/arancaytar/status/979090719003627521","https://www.debian.org/security/2018/dsa-4156","https://www.drupal.org/sa-core-2018-002","https://www.exploit-db.com/exploits/44448/","https://www.exploit-db.com/exploits/44449/","https://www.exploit-db.com/exploits/44482/","https://www.synology.com/support/security/Synology_SA_18_17","https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know","http://www.securityfocus.com/bid/103534","http://www.securitytracker.com/id/1040598","https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/","https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714","https://github.com/a2u/CVE-2018-7600","https://github.com/g0rx/CVE-2018-7600-Drupal-RCE","https://greysec.net/showthread.php?tid=2912&pid=10561","https://groups.drupal.org/security/faq-2018-002","https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","https://research.checkpoint.com/uncovering-drupalgeddon-2/","https://twitter.com/RicterZ/status/979567469726613504","https://twitter.com/RicterZ/status/984495201354854401","https://twitter.com/arancaytar/status/979090719003627521","https://www.debian.org/security/2018/dsa-4156","https://www.drupal.org/sa-core-2018-002","https://www.exploit-db.com/exploits/44448/","https://www.exploit-db.com/exploits/44449/","https://www.exploit-db.com/exploits/44482/","https://www.synology.com/support/security/Synology_SA_18_17","https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"],"published_time":"2018-03-29T07:29:00","cpes":["cpe:2.3:a:drupal:drupal:-","cpe:2.3:a:drupal:drupal:4.0.0","cpe:2.3:a:drupal:drupal:4.1.0","cpe:2.3:a:drupal:drupal:4.2.0","cpe:2.3:a:drupal:drupal:4.3.0","cpe:2.3:a:drupal:drupal:4.3.1","cpe:2.3:a:drupal:drupal:4.3.2","cpe:2.3:a:drupal:drupal:4.4.0","cpe:2.3:a:drupal:drupal:4.4.1","cpe:2.3:a:drupal:drupal:4.4.2","cpe:2.3:a:drupal:drupal:4.4.3","cpe:2.3:a:drupal:drupal:4.5.0","cpe:2.3:a:drupal:drupal:4.5.1","cpe:2.3:a:drupal:drupal:4.5.2","cpe:2.3:a:drupal:drupal:4.5.3","cpe:2.3:a:drupal:drupal:4.5.4","cpe:2.3:a:drupal:drupal:4.5.5","cpe:2.3:a:drupal:drupal:4.5.6","cpe:2.3:a:drupal:drupal:4.5.7","cpe:2.3:a:drupal:drupal:4.5.8","cpe:2.3:a:drupal:drupal:4.6.0","cpe:2.3:a:drupal:drupal:4.6.1","cpe:2.3:a:drupal:drupal:4.6.10","cpe:2.3:a:drupal:drupal:4.6.11","cpe:2.3:a:drupal:drupal:4.6.2","cpe:2.3:a:drupal:drupal:4.6.3","cpe:2.3:a:drupal:drupal:4.6.4","cpe:2.3:a:drupal:drupal:4.6.5","cpe:2.3:a:drupal:drupal:4.6.6","cpe:2.3:a:drupal:drupal:4.6.7","cpe:2.3:a:drupal:drupal:4.6.8","cpe:2.3:a:drupal:drupal:4.6.9","cpe:2.3:a:drupal:drupal:4.7.0","cpe:2.3:a:drupal:drupal:4.7.1","cpe:2.3:a:drupal:drupal:4.7.10","cpe:2.3:a:drupal:drupal:4.7.11","cpe:2.3:a:drupal:drupal:4.7.2","cpe:2.3:a:drupal:drupal:4.7.3","cpe:2.3:a:drupal:drupal:4.7.4","cpe:2.3:a:drupal:drupal:4.7.5","cpe:2.3:a:drupal:drupal:4.7.6","cpe:2.3:a:drupal:drupal:4.7.7","cpe:2.3:a:drupal:drupal:4.7.8","cpe:2.3:a:drupal:drupal:4.7.9","cpe:2.3:a:drupal:drupal:5.0","cpe:2.3:a:drupal:drupal:5.1","cpe:2.3:a:drupal:drupal:5.10","cpe:2.3:a:drupal:drupal:5.11","cpe:2.3:a:drupal:drupal:5.12","cpe:2.3:a:drupal:drupal:5.13","cpe:2.3:a:drupal:drupal:5.14","cpe:2.3:a:drupal:drupal:5.15","cpe:2.3:a:drupal:drupal:5.16","cpe:2.3:a:drupal:drupal:5.17","cpe:2.3:a:drupal:drupal:5.18","cpe:2.3:a:drupal:drupal:5.19","cpe:2.3:a:drupal:drupal:5.2","cpe:2.3:a:drupal:drupal:5.20","cpe:2.3:a:drupal:drupal:5.21","cpe:2.3:a:drupal:drupal:5.22","cpe:2.3:a:drupal:drupal:5.23","cpe:2.3:a:drupal:drupal:5.3","cpe:2.3:a:drupal:drupal:5.4","cpe:2.3:a:drupal:drupal:5.5","cpe:2.3:a:drupal:drupal:5.6","cpe:2.3:a:drupal:drupal:5.7","cpe:2.3:a:drupal:drupal:5.8","cpe:2.3:a:drupal:drupal:5.9","cpe:2.3:a:drupal:drupal:6.0","cpe:2.3:a:drupal:drupal:6.1","cpe:2.3:a:drupal:drupal:6.10","cpe:2.3:a:drupal:drupal:6.11","cpe:2.3:a:drupal:drupal:6.12","cpe:2.3:a:drupal:drupal:6.13","cpe:2.3:a:drupal:drupal:6.14","cpe:2.3:a:drupal:drupal:6.15","cpe:2.3:a:drupal:drupal:6.16","cpe:2.3:a:drupal:drupal:6.17","cpe:2.3:a:drupal:drupal:6.18","cpe:2.3:a:drupal:drupal:6.19","cpe:2.3:a:drupal:drupal:6.2","cpe:2.3:a:drupal:drupal:6.20","cpe:2.3:a:drupal:drupal:6.21","cpe:2.3:a:drupal:drupal:6.22","cpe:2.3:a:drupal:drupal:6.23","cpe:2.3:a:drupal:drupal:6.24","cpe:2.3:a:drupal:drupal:6.25","cpe:2.3:a:drupal:drupal:6.26","cpe:2.3:a:drupal:drupal:6.27","cpe:2.3:a:drupal:drupal:6.28","cpe:2.3:a:drupal:drupal:6.29","cpe:2.3:a:drupal:drupal:6.3","cpe:2.3:a:drupal:drupal:6.30","cpe:2.3:a:drupal:drupal:6.31","cpe:2.3:a:drupal:drupal:6.32","cpe:2.3:a:drupal:drupal:6.33","cpe:2.3:a:drupal:drupal:6.34","cpe:2.3:a:drupal:drupal:6.35","cpe:2.3:a:drupal:drupal:6.36","cpe:2.3:a:drupal:drupal:6.37","cpe:2.3:a:drupal:drupal:6.38","cpe:2.3:a:drupal:drupal:6.4","cpe:2.3:a:drupal:drupal:6.5","cpe:2.3:a:drupal:drupal:6.6","cpe:2.3:a:drupal:drupal:6.7","cpe:2.3:a:drupal:drupal:6.8","cpe:2.3:a:drupal:drupal:6.9","cpe:2.3:a:drupal:drupal:7.0","cpe:2.3:a:drupal:drupal:7.1","cpe:2.3:a:drupal:drupal:7.10","cpe:2.3:a:drupal:drupal:7.11","cpe:2.3:a:drupal:drupal:7.12","cpe:2.3:a:drupal:drupal:7.13","cpe:2.3:a:drupal:drupal:7.14","cpe:2.3:a:drupal:drupal:7.15","cpe:2.3:a:drupal:drupal:7.16","cpe:2.3:a:drupal:drupal:7.17","cpe:2.3:a:drupal:drupal:7.18","cpe:2.3:a:drupal:drupal:7.19","cpe:2.3:a:drupal:drupal:7.2","cpe:2.3:a:drupal:drupal:7.20","cpe:2.3:a:drupal:drupal:7.21","cpe:2.3:a:drupal:drupal:7.22","cpe:2.3:a:drupal:drupal:7.23","cpe:2.3:a:drupal:drupal:7.24","cpe:2.3:a:drupal:drupal:7.25","cpe:2.3:a:drupal:drupal:7.26","cpe:2.3:a:drupal:drupal:7.27","cpe:2.3:a:drupal:drupal:7.28","cpe:2.3:a:drupal:drupal:7.29","cpe:2.3:a:drupal:drupal:7.3","cpe:2.3:a:drupal:drupal:7.30","cpe:2.3:a:drupal:drupal:7.31","cpe:2.3:a:drupal:drupal:7.32","cpe:2.3:a:drupal:drupal:7.33","cpe:2.3:a:drupal:drupal:7.34","cpe:2.3:a:drupal:drupal:7.35","cpe:2.3:a:drupal:drupal:7.36","cpe:2.3:a:drupal:drupal:7.37","cpe:2.3:a:drupal:drupal:7.38","cpe:2.3:a:drupal:drupal:7.39","cpe:2.3:a:drupal:drupal:7.4","cpe:2.3:a:drupal:drupal:7.40","cpe:2.3:a:drupal:drupal:7.41","cpe:2.3:a:drupal:drupal:7.42","cpe:2.3:a:drupal:drupal:7.43","cpe:2.3:a:drupal:drupal:7.44","cpe:2.3:a:drupal:drupal:7.5","cpe:2.3:a:drupal:drupal:7.50","cpe:2.3:a:drupal:drupal:7.51","cpe:2.3:a:drupal:drupal:7.52","cpe:2.3:a:drupal:drupal:7.53","cpe:2.3:a:drupal:drupal:7.54","cpe:2.3:a:drupal:drupal:7.55","cpe:2.3:a:drupal:drupal:7.56","cpe:2.3:a:drupal:drupal:7.57","cpe:2.3:a:drupal:drupal:7.6","cpe:2.3:a:drupal:drupal:7.7","cpe:2.3:a:drupal:drupal:7.8","cpe:2.3:a:drupal:drupal:7.9","cpe:2.3:a:drupal:drupal:8.0.0","cpe:2.3:a:drupal:drupal:8.0.1","cpe:2.3:a:drupal:drupal:8.0.2","cpe:2.3:a:drupal:drupal:8.0.3","cpe:2.3:a:drupal:drupal:8.0.4","cpe:2.3:a:drupal:drupal:8.0.5","cpe:2.3:a:drupal:drupal:8.0.6","cpe:2.3:a:drupal:drupal:8.1.0","cpe:2.3:a:drupal:drupal:8.1.1","cpe:2.3:a:drupal:drupal:8.1.10","cpe:2.3:a:drupal:drupal:8.1.2","cpe:2.3:a:drupal:drupal:8.1.3","cpe:2.3:a:drupal:drupal:8.1.4","cpe:2.3:a:drupal:drupal:8.1.5","cpe:2.3:a:drupal:drupal:8.1.6","cpe:2.3:a:drupal:drupal:8.1.7","cpe:2.3:a:drupal:drupal:8.1.8","cpe:2.3:a:drupal:drupal:8.1.9","cpe:2.3:a:drupal:drupal:8.2.0","cpe:2.3:a:drupal:drupal:8.2.1","cpe:2.3:a:drupal:drupal:8.2.2","cpe:2.3:a:drupal:drupal:8.2.3","cpe:2.3:a:drupal:drupal:8.2.4","cpe:2.3:a:drupal:drupal:8.2.5","cpe:2.3:a:drupal:drupal:8.2.6","cpe:2.3:a:drupal:drupal:8.2.7","cpe:2.3:a:drupal:drupal:8.2.8","cpe:2.3:a:drupal:drupal:8.3.0","cpe:2.3:a:drupal:drupal:8.3.1","cpe:2.3:a:drupal:drupal:8.3.2","cpe:2.3:a:drupal:drupal:8.3.3","cpe:2.3:a:drupal:drupal:8.3.4","cpe:2.3:a:drupal:drupal:8.3.5","cpe:2.3:a:drupal:drupal:8.3.6","cpe:2.3:a:drupal:drupal:8.3.7","cpe:2.3:a:drupal:drupal:8.3.8","cpe:2.3:a:drupal:drupal:8.4.0","cpe:2.3:a:drupal:drupal:8.4.1","cpe:2.3:a:drupal:drupal:8.4.2","cpe:2.3:a:drupal:drupal:8.4.3","cpe:2.3:a:drupal:drupal:8.4.4","cpe:2.3:a:drupal:drupal:8.4.5","cpe:2.3:a:drupal:drupal:8.5.0","cpe:2.3:o:debian:debian_linux:7.0","cpe:2.3:o:debian:debian_linux:8.0","cpe:2.3:o:debian:debian_linux:9.0"]}